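<?php
// Deletes the student row whose number is passed as ?xh=..., then clears the
// session user and redirects to login.php. Any failure falls through to the
// HTML error page below.
//
// NOTE(review): this is a destructive action triggered by a plain GET with no
// anti-CSRF token visible in this file, so a cross-site link or image tag
// could fire it for a logged-in user. Moving it to POST with a per-session
// token would change the endpoint's contract, so it is only flagged here.
session_start();

// Always defined so the template never reads an undefined variable.
$msg = '';

try {
    // Accept only a non-empty scalar string: ?xh[]=... would otherwise reach
    // the bind as an array. '0' stays rejected, as in the original check.
    $xh = $_GET['xh'] ?? null;
    if (!is_string($xh) || !$xh) {
        throw new Exception('必须提供要删除的学号信息');
    }

    // Authorisation: callers may delete their own record; admins may delete
    // any record. A missing session user yields neither right.
    $user = $_SESSION['user'] ?? [];
    // Compare as strings so a numeric xh stored in the session still matches
    // the query-string value exactly.
    $isOwner = isset($user['xh']) && (string) $user['xh'] === $xh;
    $isAdmin = !empty($user['isAdmin']);
    if (!$isOwner && !$isAdmin) {
        throw new Exception('sorry,你没有删除他人的权限~');
    }

    // NOTE(review): credentials are hard-coded and the connection uses the
    // MySQL root account. Load them from configuration outside the web root
    // and use an account limited to the rights this application needs.
    $db = new PDO("mysql:host=localhost;dbname=db2", 'root', '12qwas');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

    // Bound parameter keeps xh out of the SQL text; isAdmin=0 means admin
    // rows are never deleted through this endpoint.
    $ps = $db->prepare('delete from students where xh=? and isAdmin=0');
    $ps->execute([$xh]);

    // Exactly one affected row means success; anything else is a failure.
    // (The original test was inverted and reported success as an error.)
    if ($ps->rowCount() !== 1) {
        throw new Exception("没有成功删除记录~");
    }

    // NOTE(review): this also logs out an admin who deleted someone else's
    // record. Confirm that is intended before changing it.
    unset($_SESSION['user']);
    header('Location:login.php');
    return;
} catch (PDOException $e) {
    // Driver messages can expose connection and schema details: keep them in
    // the server log and show the visitor a generic message.
    error_log('student delete failed: ' . $e->getMessage());
    $msg = '数据库操作失败，请稍后再试~';
} catch (Exception $e) {
    // Validation and authorisation failures raised above. The original caught
    // only PDOException, so these ended in an uncaught-exception fatal error.
    $msg = $e->getMessage();
}
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport"
          content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>删除用户</title>
    <style>
        h1{color: black;}
    </style>
</head>
<body>
<h1>删除记录信息错误</h1>
<?php // Escape at the point of output so no message can inject markup. ?>
<div class="msg"><?= htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></div>
</body>
</html>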


